Posted to wss4j-dev@ws.apache.org by superk888 <su...@gmail.com> on 2009/11/12 13:04:29 UTC

WSS4J Encryption with public key ???

Hi everyone, 

I've implemented a Web Service that supports 2-way encryption features
using the X.509 Certificates method. Everything works fine when using 2
pairs of keys as described in the Apache CXF documentation, but what I
am trying to do is to use only one pair of keys: the server side keeps its own
private key and gives its public key to the service client. Consequently,
the client side has to encrypt messages with the server's public key before
sending, which should work since this is an asymmetric encryption method.

Nevertheless, my service client succeeds in encrypting a message with the
server's public key, but when the latter sends a response, my service client
fails to decode the encrypted response. In this case, I got the following
error:

2009-11-12 12:55:22,261 [main] ERROR org.apache.ws.security.components.crypto.CryptoBase - Cannot find key for alias: [myAlias] in keystore of type [jks] from provider [SUN version 1.5] with size [1] and aliases: {myAlias}
12-nov.-2009 12:55:22 org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
ATTENTION: 
org.apache.ws.security.WSSecurityException: The signature or decryption was invalid; nested exception is: 
	java.lang.Exception: Cannot find key for alias: [myAlias]
	at ...
...
Caused by: java.lang.Exception: Cannot find key for alias: [myAlias]
	at org.apache.ws.security.components.crypto.CryptoBase.getPrivateKey(CryptoBase.java:214)
	at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:328)
	... 71 more
12-nov.-2009 12:55:22 org.apache.cxf.phase.PhaseInterceptorChain doIntercept
ATTENTION: Interceptor has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: The signature or decryption was invalid; nested exception is: 

For an unknown reason to me, the crypto engine is looking for a private key
in the specified keystore object, which actually only contains a certificate
since it is the server's public key:confused: 

What am I missing?


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


Re: WSS4J Encryption with public key ???

Posted by Mayank Mishra <ma...@gmail.com>.
Hi,
superk888 wrote:
> Yep, I've figured it out afterward. But when working with asymmetric
> encryption, aren't we supposed to have 2 possibilities with one key pair? 
>
> - A encrypts with A's private key --> B decrypts with A's public key
>   
It's a signature operation, which happens with A's private key, and B 
verifies the signature with A's public key. If we use a public key to 
decrypt, then many guys 'C', 'D', 'E', etc. would decrypt the message, 
which we don't want; we wanted only 'B' to decrypt, as it's encrypted for 
'B' only. Hence, encryption won't work here. This is a Signature, where 
everyone can come to know that only 'A' has sent the message.

> - A encrypts with B's public key --> B decrypts with B's private key
>   
This is right for Encryption. We do encryption so that only one guy 'B', 
who has its private key, can decrypt. All others won't have 'B's 
private key, hence can't decrypt.

> Besides, there is something wrong with the WSPasswordCallback class from
> WSS4J : this class uses a private key to decrypt a message. It logically
> throws an exception when we try to decrypt with a public key. 
>
> But then, why the hell does it allow to encrypt with a private key?
>   
I hope this helps.

With Regards,
Mayank
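
The key directions discussed in this thread, as an added example that is not part of the original messages and is not WSS4J or CXF code. It uses only the JDK's JCA classes; the RSA-OAEP and SHA256withRSA algorithm choices, the class name and the sample payload are assumptions made here, and two freshly generated key pairs stand in for the server and client keystores.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.Cipher;

public class KeyDirectionDemo {
    static final String OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    static byte[] crypt(int mode, Key key, byte[] in) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(OAEP);
        c.init(mode, key);
        return c.doFinal(in);
    }

    // True only if 'key' opens 'ciphertext'; any JCA failure counts as "cannot decrypt".
    static boolean canDecrypt(Key key, byte[] ciphertext) {
        try {
            crypt(Cipher.DECRYPT_MODE, key, ciphertext);
            return true;
        } catch (GeneralSecurityException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair server = gen.generateKeyPair(); // private half never leaves the server
        KeyPair client = gen.generateKeyPair(); // private half never leaves the client
        byte[] msg = "constructed sample payload".getBytes(StandardCharsets.UTF_8);

        // Request: encrypted for the server, so only the server's private key opens it.
        byte[] request = crypt(Cipher.ENCRYPT_MODE, server.getPublic(), msg);
        System.out.println("server private key opens request:  " + canDecrypt(server.getPrivate(), request));

        // Response: encrypted for the client, so the client needs its own private key.
        byte[] response = crypt(Cipher.ENCRYPT_MODE, client.getPublic(), msg);
        System.out.println("client private key opens response: " + canDecrypt(client.getPrivate(), response));
        // A client holding only the server's certificate cannot open the response with it.
        System.out.println("server public key opens response:  " + canDecrypt(server.getPublic(), response));

        // "Encrypting with A's private key" is signing: anyone with A's public key can verify.
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(server.getPrivate());
        sig.update(msg);
        byte[] signature = sig.sign();
        sig.initVerify(server.getPublic());
        sig.update(msg);
        System.out.println("server public key verifies signature: " + sig.verify(signature));
    }
}
```
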


RE: WSS4J Encryption with public key ???

Posted by superk888 <su...@gmail.com>.
Yep, I've figured it out afterward. But when working with asymmetric
encryption, aren't we supposed to have 2 possibilities with one key pair? 

- A encrypts with A's private key --> B decrypts with A's public key
- A encrypts with B's public key --> B decrypts with B's private key

Besides, there is something wrong with the WSPasswordCallback class from
WSS4J : this class uses a private key to decrypt a message. It logically
throws an exception when we try to decrypt with a public key. 

But then, why the hell does it allow to encrypt with a private key?




RE: WSS4J Encryption with public key ???

Posted by Colm O hEigeartaigh <co...@progress.com>.
> For an unknown reason to me, the crypto engine is looking for a private
> key in the specified keystore object, which actually only contains a
> certificate since it is the server's public key:confused:

The client needs a private key to decrypt the (encrypted) message
received from the server. The service should be configured to encrypt
the response using the client's public key.

Colm.
